Penetration Testing mailing list archives
Re: [PEN-TEST] Finding Web Admin Pages
From: H D Moore <hdm () SECUREAUSTIN COM>
Date: Sun, 25 Mar 2001 14:50:04 -0600
RFP's Whisker tool will do all of that and more, you can grab it from http://www.wiretrip.net/rfp/

-HD

On Sunday 25 March 2001 04:59 am, Julian Niemeyer wrote:
Some Web servers seem to allow administration via HTTP. Obviously, there is not a link on the home page "Click here to administer the server"! Instead, the pages are hidden away - security through obscurity. I want to be able to find them.

For a tool, I am first going to look at elza from www.stoev.org before writing anything. I reckon it will be easy to check if a search returns a 404, 403 or 401. However, I am keen to avoid having to brute force directories.

Does anyone know of a list of well-used or default admin pages and ports for web servers (or other systems for that matter)? If not, perhaps folks could post any that they have come across to this list so a collection can be compiled.

Thanks,
Julian